Astrumfutura - astrumfutura.com - Pádraic Brady
Latest News:
Stateful vs Stateless CSRF Defences: Know The Difference 12 Aug 2013 | 07:54 pm
Scanning the blogs today, I noticed an article discussing a method of implementing Stateless CSRF protection. Stateless CSRF def...
BREACH Attacks: Extracting HTTPS Encrypted Data In Under A Minute Without Encryption Cracking 8 Aug 2013 | 08:29 pm
Welcome to Black Hat Conference Season… Last week, news started to spread from the Black Hat conference about a new oracle attack (called the BREACH attack) against HTTPS which may allow an attacker ...
Publishing Security Disclosures In Consumable Formats For Simpler Aggregation and Security Checking 15 May 2013 | 07:43 pm
This is a branch off from a separate discussion on the PHP-FIG mailing list about other ways the Framework Interoperability Group can encourage and foster wider interoperability among its member proje...
20 Point List For Preventing Cross-Site Scripting In PHP 22 Apr 2013 | 07:23 pm
Summarising knowledge has as much value as writing a 200 page treatise on a topic, so here is a list of 20 brief points you should bear in mind when battling Cross-Site Scripting (XSS) in PHP. Minus m...
Mockery 0.8.0 Has Been Unleashed! 2 Apr 2013 | 04:23 pm
I’m very happy to announce the release of Mockery 0.8.0. Mockery is a simple yet flexible PHP mock object framework for use in unit testing with PHPUnit, PHPSpec or any other testing framework. Its co...
Predicting Random Numbers In PHP – It’s Easier Than You Think! 25 Mar 2013 | 07:35 pm
The Zend Framework team recently released versions 2.0.8 and 2.1.4 to address a number of potential security issues including advisory ZF2013-02 “Potential Information Disclosure and Insufficient Entr...
Getting Ahead In Security By Watching The Neighbours 18 Jan 2013 | 04:40 pm
As some of you are likely aware by now, Ruby On Rails posted a security advisory concerning critical remote code execution (RCE) vulnerabilities in its Action Pack for all versions of Rails since 2.0....
Taking PHP Security Seriously By Taking It Seriously 2 Oct 2012 | 01:37 am
Since the dawn of time, circa 1995 AD, PHP and Security have been at constant loggerheads over what priorities programmers should cling to. Programmers, by their very nature, are drawn to getting shit...
Zend Framework ElePHPants Available to Pre-Order – They’re Green! 25 Sep 2012 | 08:06 pm
Blue PHP ElePHPant plush toys are so yesterday. Ben Scholzen (you might know him as DASPRiD on IRC/Twitter) is now taking pre-orders for green Zend Framework ElePHPants. Yes, they are green. Yes, they...
PHP Escaper RFC: Consistent Escaping Functionality For Killing XSS 18 Sep 2012 | 08:36 pm
A short time ago today, I submitted a PHP RFC for discussion which proposes adding an SPL Escaper class and, quite possibly, a related set of functions dedicated to escaping data for output to HTML/XM...